buffer size confusion in vastrock-huang/minivpn


Reported on

Jun 5th 2022


an attempt to write 2000 into a buffer of 10 bytes, while SSL_read does not add a zero at the end.

Proof of Concept

#define BUFF_SIZE 2000 
char buf[10];
int virtualIP = atoi(buf);


by changing the network data, you can access remote code execution. gives out that the application is building vpn, the information is also very sensitive.

We are processing your report and will contact the vastrock-huang/minivpn team within 24 hours. a year ago
ihsinme submitted a
a year ago
We created a GitHub Issue asking the maintainers to create a SECURITY.md a year ago
We have contacted a member of the vastrock-huang/minivpn team and are waiting to hear back a year ago
vastrock-huang gave praise a year ago
Great work @ihsinme 👌, I have fixed this according to your patch.
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1
We have sent a follow up to the vastrock-huang/minivpn team. We will try again in 7 days. a year ago
vastrock-huang validated this vulnerability a year ago
ihsinme has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
vastrock-huang marked this as fixed in 0 with commit 9acc42 a year ago
ihsinme has been awarded the fix bounty
This vulnerability will not receive a CVE
client.c#L299-L299 has been validated
to join this conversation